SASE and Zero Trust: Four Requirements to Get Beyond “Vision” and Get it Right


SASE and Zero Trust 4 requirements hero

By combining SASE and Zero Trust, you can consistently apply and enforce security performance policies across your entire network—and give consumers the security and performance they expect.

Gartner coined the term “SASE” (Secure Access Service Edge) less than two years ago, before anyone had heard of “COVID-19.” At that time, Gartner described SASE as a visionary, dynamically created, policy-based security framework that could better protect the explosion of endpoint devices at the network edge.

SASE goes beyond the capabilities of traditional network security and SD-WAN security because it is specifically built for today’s realities, where the data center is no longer a “center,” the corporate network is a myriad of networks, every user is a branch office, and there is no end to new endpoints.

When combined with a Zero Trust (ZT) approach, in which everyone and everything is authenticated before access is granted, SASE enables companies to consistently apply and enforce security across their entire landscape—continuously and at scale.

The pandemic has forced a new model of network security and made it an urgent priority for many companies. Post-pandemic working-from-home projections further intensify the need for distributed security, especially for companies delivering new cloud-native software products that will be consumed at the edge.

SASE with Zero Trust is emerging as the best option for this new world. But the question remains: how will you transform the “promise” and “potential” of SASE/ZT into real results, right now? How can you get control over the new norm of remote workers and distributed applications, and give consumers the security and performance they expect?

This blog gives you four focal points for addressing those questions so you can harness a SASE/ZT framework that really works for your developers, your consumers, and your business.

#1: Test every conceivable deployment environment.

As you develop products and services for the SASE/ZT marketplace, make sure you test, validate and assure your solutions by pushing your software to the limit from every angle. Make sure your offerings will work in any network, from any cloud, under any set of circumstances, so you can accelerate your learning curve and deliver better outcomes for your customers.

Test and validate with fully virtualized testing and validation solutions that can be deployed in any cloud environment—public cloud, private cloud, telco cloud, edge cloud, multi-cloud, hybrid cloud or local cloud.

These principles apply whether you’re creating a 5G Core or Metro Edge, operating a quality assurance lab, integrating with CI/CD developer tool-chain, and more. Make sure you have holistic SASE/ZT testing, validation, and assurance capabilities. Whether your architecture is based on virtual machines, containers, or bare metal infrastructure, you need to maintain maximum flexibility of deployment across all possible network scenarios.

Of course, it is critical to both validate the design of the service prior to deployment and assure that security and performance are up living up to expectations in the actual production environment. Get your testing from a source that has the tools and experience to do both equally well.

#2: Assess with real traffic, not just “simulation.”

You need to be able to fully emulate your application environment at scale and you need the ability to run attack scenarios in the way a hacker would, entering the network the same way and launching the same code or evasion techniques. With simulation, it’s just play-acting.

Real-world traffic generation and test methodologies give you an accurate representation of all facets of the networking landscape—from discrete application emulation behaviors to fully compliant encrypted transmissions, and the ability to inject impairments, system errors or artificial latencies—that help you understand how your solution will perform under duress.

These capabilities ensure that any product or service under development can be stressed with every scenario that might occur in a production environment, giving the developer the peace of mind that their product is prepared for all eventualities.

#3: Measure the impact of the vulnerabilities you identify.

This is a side benefit of doing realistic attack emulation. Simulating attacks with basic packet replay can lead to false results. With stateful emulation you can assess and quantify the impacts of your security countermeasures in real time against real attack vectors, and you can also evaluate the impact your security measures have on your business model.

For example, if application performance is paramount and cannot be sacrificed due to security measures, you can identify security policies that degrade performance without providing additional security coverage. Your teams can make changes and verify the balance between performance and security continuously.

#4: Make sure the testing is objective and vendor-neutral.

When you look at the history of any new innovation in the networking arena, you have to ask one critical question before you adopt the technology: Who’s setting the standards?

Look no further than SD-WAN. Widespread concern over a lack of standards initially threatened multi-vendor interoperability. Vendors with hidden agendas and competing charters made a host of claims about their products and services, leading to confusion and complexity. Thankfully, the community has responded in the Metro Ethernet Forum (MEF) to instill order by creating consensus in the form of SD-WAN certifications.

Simply put, work with a testing solution provider that works with the community to ensure that its solutions conform to industry standards and specifications—not just MEF, but all segments of the network communications market, including high-speed Ethernet, WiFi-6, 5G, Global Positioning and Timing and Lifecycle Service Assurance, and, of course, SASE and Zero-Trust.

If you can get independent, standards-based, vendor-neutral testing, validation, and assurance of security and performance in the SASE/ZT environment, you may just attain something that’s exceedingly rare today: peace of mind.

One example shows how everyone wins

How does the holistic, realistic, standards-based approach to SASE/ZT validation outlined in this blog benefit real-world companies? Here’s one quick example. I’ll leave the company names out, but the story is true.

One of our clients, a large, high-speed telecom service provider, had a request from a customer, a global financial services enterprise. The financial service firm provides a guest network to its end customers in branch offices, and they wanted assurance that an edge security managed service could be integrated into its SASE framework without degrading the user experience.

The company did not want a “best guess.” They wanted a reality check. Spirent was able to validate that the security edge technologies of SASE were operating properly in the policy domain WITHOUT creating latencies in the performance domain.

Spirent tested and confirmed how many users could be supported. Along the way, our testing also uncovered new insights, such as:

  • What types of traffic performed most efficiently

  • What could potentially cause performance slow-downs

  • How those slow-downs could be avoided

  • Capacity of VPN connectivity

  • And traffic anomalies that needed further attention.

This created a win for everyone:

  • The telecom service provider got an objective validation of network performance

  • The security service provider gained insights into performance issues it hadn’t accounted for

  • The financial services customer validated that its guest network met user expectations

  • And Spirent proved its value in the new world of SASE/ZT security testing and validation

To quickly recap: by combining SASE and Zero Trust, you can consistently apply and enforce security performance policies across your entire network. This comes with a number of benefits:

  • Stronger network security with fewer layers to manage

  • Centralized policy management

  • Lower costs with higher scalability

  • And a single view of your entire network

And if you do it right, you can give consumers the security and performance they expect.

Watch the video to learn more about SASE and Zero Trust右箭头图标




Dave Larson
Dave Larson


Dave现任思博伦通信公司的云及IP业务总经理,负责公司的总体技术构想和战略工作。Dave领导思博伦的高级技术团队,专门孵化云原生领域具有前瞻性的测试、测量和保障解决方案,并将其融入思博伦的所有产品线中。Dave在联网、网络安全和云架构方面拥有超过25年的工作经验,并且在新兴技术初创企业和大型公共企业中均有任职经历。 在加入思博伦之前,Dave担任Hewlett Packard Enterprise公司负责数据中心联网业务的副总裁兼总经理,以及联网、安全和先进云技术及战略首席技术专家。 此前,Dave担任Corero Network Security公司的首席运营官/首席技术官。该公司是一家面向运营商的TB级DDoS消减解决方案开发商。在此之前,Dave也曾担任过HP Networking公司负责先进技术的副总裁兼首席技术官。 Dave曾在多个公司担任过高级产品和技术职务,包括3Com公司、TippingPoint、Xedia(后被Lucent收购)、Sandburst(后被Broadcom收购)和Tizor Systems(后被Netezza/IBM收购)。 Dave拥有高登学院(Gordon College)的物理学理学学士学位。该校坐落于马萨诸塞州的温汉姆市。